Documentation | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Email End User Guide > What does the Status mean?
What does the Status mean?
The Status column of the personal email report includes a reason (such as Spam) and a disposition (such as Quarantined).
If a message was not delivered, the first (bold) word in this column indicates the reason why. The word below it indicates the action taken on the message, also known as the disposition of the message.
Quarantined spam messages include the spam score. The higher the score, the more likely it is that the message is spam.
The following table explains the possible reasons you may see:
 
Reason
Explanation
Access control
The message was blocked because of an access control rule set up by your administrator.
Access rule
The message was blocked because of an access control rule set up by your administrator.
Blocked attachment
The message contains an attachment whose type has been blocked by your policy.
Blocked executable
The message contains an executable attachment and executables have been blocked by your policy.
Blacklisted
The email address or domain of this sender is in your personal blacklist or your policy's blacklist.
Clean
The message does not violate any of your policy settings.
Dangerous content
The message contains content that may be dangerous to your machine. This reason can have many sub-reasons:
Double extension file - An attachment filename has a double file extension that can be used to mask the real function of the file.
Empty archive - The message contains an empty archive file.
Executable in service message - The message is a delivery status message that contains executable content.
openrelay(block) - The message sender should not have been able to send mail via the sending mail server.
Spoofed virus - The message contains a virus. The message sender appears to have been forged.
Suspicious attachments - ThreatSeeker found a suspicious attachment $1 in the message.
Zero byte archive - The message contains an empty archive attachment. This is probably because a virus has been removed.
Zero byte executable - The message contains an empty executable attachment. This is probably because a virus has been removed.
Extension masked
The message contains an attachment whose extension has been renamed as configured by your policy. For example, an executable extension may have been named ".ex_" to prevent it from being executed.
Format
The Format reason can have many sub-reasons:
*
Archive extraction failed - The service was unable to unpack an archive file and could not scan it.
*
Attachment missing filename - An attachment in the mail does not have a specified filename. This can be used to exploit some mail clients.
*
Email not multipart - The structure of the message is potentially malicious and can be used to attack some mail clients.
*
Encrypted - The message or an attachment is encrypted.
*
Expansion level exceeded - The mail contained too many levels of nested archives. Unable to scan the archive contents.
*
Filename blocked - An attachment name matched a service configured rule.
*
Filename too long - The subject contains a filename that is too long. This can be used to attack some mail clients.
*
Header blocked - The message header breaches a configured policy rule.
*
Header contains large data blocks - The message header contains a block of data longer than the permitted maximum.
*
Header length exceeds - The message header is longer than the permitted maximum. This can be used to attack some mail clients.
*
Message subject blocked - The message subject matches a service configured rule.
*
MIME type blocked - The message contains an attachment that is blocked by the configured policy.
*
Partial message body - The message cannot be scanned because it is missing parts of an attachment and has been blocked.
*
Password protected archive - The message contains a password protected archive file. This cannot be scanned therefore was blocked.
*
Potential outlook exploit - The date or subject in the message are too long. These can be used to attack mail clients like old versions of MS Outlook.
*
Signed - The message has been cryptographically signed. This message cannot be scanned and was quarantined.
*
Suspicious body characters - The message body contains binary information where it was not expected. This might be malicious.
*
Suspicious header characters - The message header contains binary information where it was not expected. This might be malicious.
*
Unroutable recipient - The email policy blocks delivery of mail to this subdomain.
*
Unroutable sender - The email policy blocks delivery of mail from users in this subdomain.
Lexical rule
The message contains content that breaks a lexical rule set up in your policy.
Macro
The message contains a suspected macro virus.
Message loop
The service detected a message delivery loop.
Operational
The message was blocked for operational reasons.
Potential virus
The message contains a potential virus that could be harmful to your machine.
Spam (n)
The message has been classified as spam by your email policy. Quarantined spam messages include a spam score. The higher the score, the more likely it is that the message is spam.
System
The message failed to be processed for system reasons.
Tempfailed
The mail server is down and temporarily could not receive mail.
Too large
This message is larger than the maximum size specified in the policy.
Unknown
The message encountered an unknown problem.
Virus
The message contains a known virus that is harmful to your machine.
Whitelisted
The email address or domain of this sender is in your personal whitelist or your policy's whitelist.
The following table lists possible dispositions:
 
Disposition
Explanation
Accept
The message was accepted and delivered.
Bcc
A blind copy of the message was sent; that is, the recipient's name has been obscured.
Bcc, subject tagged
A blind copy of the message was sent with the subject line tagged.
Bounced
The message was returned to the sender, undeliverable.
Bypass
The message bypassed the email security system.
Discarded
The message was deleted from the archive.
Quarantined
The message is being held in the email quarantine.
Spam forwarded
This spam message was forwarded to a recipient.
Subject tagged
The message subject was tagged.
Temp failed
The mail server is down and temporarily could not receive mail.
Unknown
The resulting action is not known.
Void
No action was taken.
If you require a message that has been blocked or quarantined because of your policy settings, please see your email administrator.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Email End User Guide > What does the Status mean?
Copyright 2022 Forcepoint. All rights reserved.